Critical glib2 security update (CVE-2025-3360) patches a high-risk integer overflow flaw affecting SUSE Linux. Learn how to protect your systems with the latest patches. Severity: CVSS 8.2. #CyberSecurity
Severity: Moderate (CVSS: 8.2)
Affected Systems:
openSUSE Leap 15.4
SUSE Linux Enterprise Micro 5.3-5.5
SUSE Linux Enterprise Micro for Rancher
Security Risk Overview
A newly discovered integer overflow and buffer underread vulnerability in glib2 (CVE-2025-3360) could allow attackers to exploit improper ISO 8601 timestamp parsing via g_date_time_new_from_iso8601().
This flaw affects multiple enterprise Linux distributions, requiring immediate patching to prevent potential denial-of-service (DoS) attacks.
Key Technical Details
CVSS 4.0 Score: 8.2 (High Risk) – Network-exploitable with low attack complexity.
Impact: Memory corruption leading to system instability.
Affected Function:
g_date_time_new_from_iso8601() in glib2.
🔍 Why This Matters for Enterprises:
Linux servers running SUSE-based systems are at risk.
Containerized environments (e.g., Rancher) may face cascading failures if unpatched.
How to Apply the Security Patch
Patch Installation Methods
Recommended: Use YaST online_update or zypper patch.
Manual Update (CLI): Run the following commands based on your OS:

```sh
# openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1599=1

# SUSE Linux Enterprise Micro 5.3-5.5 (X = your Micro minor version, 3 to 5)
zypper in -t patch SUSE-SLE-Micro-5.X-2025-1599=1
```
Affected Packages
| Package | Version | Architecture |
|---|---|---|
| glib2-lang | 2.70.5 | Noarch |
| libglib-2_0-0 | 2.70.5 | x86_64, aarch64, s390x |
| glib2-tools | 2.70.5 | Multi-arch |
Mitigation & Best Practices
✅ Immediate Action: Apply patches to prevent exploitation.
✅ Verification: Check system logs for anomalous timestamp parsing attempts.
✅ Long-Term Security: Enable automatic updates for critical infrastructure.
⚠️ Warning: Delaying this update increases cybersecurity risks for cloud and on-prem deployments.
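As an added example for the verification step (this script is not part of the SUSE advisory), the following POSIX shell script checks whether the installed glib2 packages carry the CVE-2025-3360 fix by searching each package's RPM changelog for the CVE id; the package names and CVE id are taken from the tables above, and the string-matching helper is kept separate from the rpm calls so it can be exercised on constructed changelog text.

```shell
#!/bin/sh
# Added example (not from the SUSE advisory): report whether the glib2 packages
# on a SUSE / openSUSE host carry the CVE-2025-3360 fix, by searching each
# installed package's RPM changelog for the CVE id. Package names come from the
# advisory's "Affected Packages" table.
CVE_ID="CVE-2025-3360"
GLIB2_PACKAGES="libglib-2_0-0 glib2-tools glib2-lang"

# changelog_has_cve TEXT CVE -> 0 if TEXT mentions CVE, 1 otherwise.
# Pure string matching, kept apart from rpm so it can be tested on constructed text.
changelog_has_cve() {
    printf '%s\n' "$1" | grep -q -F -- "$2"
}

# package_status PKG CVE -> prints "patched", "vulnerable" or "not-installed".
package_status() {
    pkg="$1"
    cve="$2"
    if ! rpm -q "$pkg" >/dev/null 2>&1; then
        echo "not-installed"
        return 0
    fi
    changelog="$(rpm -q --changelog "$pkg" 2>/dev/null)"
    if changelog_has_cve "$changelog" "$cve"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# check_all_glib2 CVE -> prints one line per package; returns 1 if any installed
# package still lacks the fix, so the script can gate a deployment or a cron job.
check_all_glib2() {
    rc=0
    for pkg in $GLIB2_PACKAGES; do
        status="$(package_status "$pkg" "$1")"
        printf '%-16s %s\n' "$pkg" "$status"
        [ "$status" = "vulnerable" ] && rc=1
    done
    return $rc
}

# Run the live check only where rpm exists; elsewhere the functions are still
# defined and can be called directly.
if command -v rpm >/dev/null 2>&1; then
    check_all_glib2 "$CVE_ID" || echo "glib2 packages missing the CVE-2025-3360 fix" >&2
fi
```

Run it on each host after `zypper patch`; a non-zero exit means at least one installed glib2 package still has no changelog entry for the CVE.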
FAQ: glib2 Security Update
Q: Is this vulnerability actively exploited?
A: No known exploits exist yet, but patches should be applied proactively.
Q: Does this affect non-SUSE Linux distributions?
A: Only SUSE-based systems are confirmed vulnerable.
Q: What’s the worst-case impact?
A: A remote attacker could crash services via malformed timestamps.
